﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data.SqlClient;
using System.Data;

/// <summary>
/// Summary description for Account
/// </summary>
public class AccountManager
{
    public static string fullname = "";
    AccessDatabase ac = new AccessDatabase();
    SqlConnection conn;
    SqlCommand command;
    SqlDataReader reader;
    public AccountManager()
    {
        conn = ac.getConnect();
        if (conn.State != ConnectionState.Open)
        {
            conn.Open();
        }
    }

    //kiem tra dang nhap phan quyen user hay admin
    public int checkLogin(string username, string password)
    {
        int quyenhan = 2;
        string query = "select * from Accounts";
        command = new SqlCommand(query, conn);
        reader = command.ExecuteReader();
        while (reader.Read())
        {
            string uname = reader["username"].ToString();
            string pword = reader["password"].ToString();
            if (username == uname && password == pword)
            {
                fullname = reader["fullname"].ToString();
                quyenhan = Convert.ToInt32(reader["power"].ToString());
                return quyenhan;
            }
        }
        reader.Close();
        return quyenhan;
    }

    public bool checkUser(string username)
    {
        string query = "select * from Accounts";
        command = new SqlCommand(query, conn);
        reader = command.ExecuteReader();
        while (reader.Read())
        {
            string uname = reader["username"].ToString();
            if (uname == username)
            {
                return true; //username ton tai
            }
        }
        reader.Close();
        return false;
    }

    public bool checkEmail(string email)
    {
        string query = "select * from Accounts";
        command = new SqlCommand(query, conn);
        reader = command.ExecuteReader();
        while (reader.Read())
        {
            string em = reader["email"].ToString();
            if (email == em)
            {
                return true; //email ton tai
            }
        }
        reader.Close();
        return false;
    }

    public int addUser(string username, string password, string fullname, string address, string email, string phone, int power)
    {
        int rs = 0;
        if (checkUser(username) == true || checkEmail(email) == true)
        {
            return rs;
        }
        else
        {
            string query = "insert into Accounts values(@username, @password, @fullname, @address, @email, @phone, @power)";
            command = new SqlCommand(query, conn);
            command.Parameters.AddWithValue("@username", username);
            command.Parameters.AddWithValue("@password", password);
            command.Parameters.AddWithValue("@fullname", fullname);
            command.Parameters.AddWithValue("@address", address);
            command.Parameters.AddWithValue("@email", email);
            command.Parameters.AddWithValue("@phone", phone);
            command.Parameters.AddWithValue("@power", power);
            rs = command.ExecuteNonQuery();
            return rs;
        }
    }
    public int changeProfile(string username, string fullname, string address, string email, string phone)
    {
        int rs = 0;
        string query = "update Accounts set fulname=@fullname, address=@address, email=@email, phone=@phone  where username=@username";
        command = new SqlCommand(query, conn);
        command.Parameters.AddWithValue("@username", username);
        command.Parameters.AddWithValue("@fullname", fullname);
        command.Parameters.AddWithValue("@address", address);
        command.Parameters.AddWithValue("@email", email);
        command.Parameters.AddWithValue("@phone", phone);
        rs = command.ExecuteNonQuery();
        return rs;
    }

    public int changePassword(string username, string password)
    {
        int rs = 0;
        string query = "update Accounts set password=@pass where username=@username";
        command = new SqlCommand(query, conn);
        command.Parameters.AddWithValue("@username", username);
        command.Parameters.AddWithValue("@pass", password);
        rs = command.ExecuteNonQuery();
        return rs;
    }

    public int ResetPassword(string username, string password, string email)
    {
        int rs = 0;
        string query = "update Accounts set password=@pass where username=@username and email=@email";
        command = new SqlCommand(query, conn);
        command.Parameters.AddWithValue("@username", username);
        command.Parameters.AddWithValue("@pass", password);
        command.Parameters.AddWithValue("@email", email);
        rs = command.ExecuteNonQuery();
        return rs;
    }
}